def configure_auth(config): def get_current_user(request): # NOTE: we have to use unauthenticated_userid below. This just cracks open # the auth cookie and returns the id therein without further verification. # Specifically, we cannot use authenticated_userid because this will call # get_principals, defined below. This would cause infinite recursion. uid = unauthenticated_userid(request) user = logic.user.try_get(uid) if uid is not None else None return user def get_impersonator_user(request): uid = request.session.get('impersonator_id') user = logic.user.try_get(uid) if uid is not None else None return user def get_principals(user_id, request): """ Return the set of security principals for this request. None means unauthenticated, empty list means authenticated but has no principals associated. """ user = request.current_user impersonator = request.impersonator_user if user: principals = [str(user.id)] # at minimum, user is his own principal principals.extend(user.groups or []) if impersonator: principals.extend(impersonator.groups or []) principals = list(set(principals)) else: principals = None return principals the_settings = config.registry.settings policy = AuthTktAuthenticationPolicy( the_settings['giza.authn_secret'], hashalg='sha512', callback=get_principals, cookie_name=str(the_settings['giza.auth_cookie']) # can't be unicode ) config.set_authentication_policy(policy) config.set_authorization_policy(ACLAuthorizationPolicy()) config.add_request_method(get_current_user, str('current_user'), reify=True) config.add_request_method(get_impersonator_user, str('impersonator_user'), reify=True) session_cookie_name = str(the_settings['giza.session_cookie']) # can't be unicode session_secret = str(the_settings['giza.session_secret']) factory = UnencryptedCookieSessionFactoryConfig( session_secret, timeout=86400*365, cookie_max_age=86400*365, cookie_name=session_cookie_name, ) config.set_session_factory(factory)
def main(global_config, **settings): logging.config.fileConfig(settings['logging.config'], disable_existing_loggers=False) """ This function returns a Pyramid WSGI application. """ config = Configurator(settings=settings, root_factory='jungo.model.RootFactory') config.include('pyramid_chameleon') config.add_static_view('static', 'static', cache_max_age=3600) config.add_route('home', '/old-home') config.add_route('search', '/') config.add_route('common_interests', '/common-interests') config.add_route('profile', '/me') config.add_route('user', '/user/{username}') config.add_route('login', '/login') config.add_route('logout', '/logout') config.add_route('interest_match', '/interest-match/{username}/{interest_id}') config.add_route('api_add_user', '/api/user', request_method='POST') config.add_route('api_user', '/api/user/{username}', request_method='GET') config.add_route('api_add_interests', '/api/user/{username}/interests', request_method='POST') config.add_route('api_common_interests', '/api/common-interests', request_method='GET') authn_policy = AuthTktAuthenticationPolicy('super secret magic', callback=groupfinder, hashalg='sha512') authz_policy = ACLAuthorizationPolicy() config.set_authentication_policy(authn_policy) config.set_authorization_policy(authz_policy) config.set_session_factory(session_factory) db_url = settings['mongo_uri'] config.registry.client = pymongo.MongoClient(db_url) def add_db(request): uri = urlparse.urlparse(db_url) db = config.registry.client[uri.path[1:]] if uri.username and uri.password: db.authenticate(uri.username, uri.password) return DataStore(db) add_db(None).create_indices() config.add_request_method(add_db, 'db', reify=True) config.scan() return config.make_wsgi_app()
def main(global_config, **settings): """ This function returns a Pyramid WSGI application. """ config = Configurator(settings=settings) config.include('pyramid_chameleon') config.add_subscriber(add_cors_headers_response_callback, NewRequest) social_providers = config.registry.settings['allow_auth'].split(',') if 'google' in social_providers: config.include('velruse.providers.google_oauth2') config.add_google_oauth2_login_from_settings() if 'github' in social_providers: config.include('velruse.providers.github') config.add_github_login_from_settings() config.add_subscriber(before_render, BeforeRender) my_session_factory = session_factory_from_settings(settings) config.set_session_factory(my_session_factory) yaml_config = None try: with open(config.registry.settings['config'], 'r') as ymlfile: yaml_config = yaml.load(ymlfile) if yaml_config['log_config'] is not None: for handler in list( yaml_config['log_config']['handlers'].keys()): yaml_config['log_config']['handlers'][handler] = dict( yaml_config['log_config']['handlers'][handler]) logging.config.dictConfig(yaml_config['log_config']) except Exception as e: logging.error('No config file found or declared: ' + str(e)) logging.warn('Start bioshadock web server') config.registry.config = yaml_config mongo = MongoClient(yaml_config['services']['mongo']['url']) dbmongo = mongo[yaml_config['services']['mongo']['db']] config.registry.db_mongo = dbmongo r = redis.StrictRedis(host=yaml_config['services']['redis']['host'], port=yaml_config['services']['redis']['port'], db=yaml_config['services']['redis']['db']) config.registry.db_redis = r config.registry.admin = yaml_config['general']['admin'].split(',') config.registry.es = Elasticsearch( yaml_config['services']['elastic']['host'].split(',')) config.registry.ldap_server = None config.registry.con = None if yaml_config['ldap']['use'] == 1: # Check if in ldap #import ldap from ldap3 import Server, Connection, AUTH_SIMPLE, STRATEGY_SYNC, STRATEGY_ASYNC_THREADED, SEARCH_SCOPE_WHOLE_SUBTREE, GET_ALL_INFO try: ldap_host = yaml_config['ldap']['host'] ldap_port = yaml_config['ldap']['port'] config.registry.ldap_server = Server(ldap_host, port=ldap_port, get_info=GET_ALL_INFO) except Exception as err: logging.error(str(err)) sys.exit(1) config.add_static_view('static', 'static', cache_max_age=3600) runenv = "dist" if "BIOSHADOCK_ENV" in os.environ and os.environ["BIOSHADOCK_ENV"] == "dev": runenv = "app" config.registry.runenv = runenv config.add_static_view('app', 'shadock:webapp/' + runenv + '/') config.add_route('home', '/') config.add_route('config', '/config') config.add_route('search', '/search') config.add_route('user_is_logged', '/user/logged') config.add_route('users', '/user') config.add_route('user_logout', '/user/logout') config.add_route('user_bind', '/user/bind') config.add_route('user', '/user/{id}') config.add_route('containers', '/container') config.add_route('containers_all', '/container/all') config.add_route('containers_latest', '/container/latest') config.add_route('containers_search', '/container/search') config.add_route('containers_new', '/container/new') config.add_route('container_manifest', '/container/manifest/*id') config.add_route('container_tags', '/container/tags/*id') config.add_route('container_dockerfile', '/container/dockerfile/*id') config.add_route('container_git', '/container/git/*id') config.add_route('container_tag', '/container/tag/*id') config.add_route('container_elixir', '/container/elixir/*id') config.add_route('container_metaelixir', '/container/metaelixir/*id') config.add_route('container_vulnerabilities', '/container/vulnerabilities/*id') config.add_route('container', '/container/*id') config.add_route('clair_notification', '/clair/notify') config.add_route('builds', '/builds/*id') config.add_route('build', '/build/{id}') config.add_route('api_users', '/v1/users/') config.add_route('api_library', '/v1/repositories/{image}/') config.add_route('api_library_auth', '/v1/repositories/{image}/auth') config.add_route('api_library_images', '/v1/repositories/{image}/images') config.add_route('api_repositories_images_get', '/v1/repositories/{namespace}/{image}/images') config.add_route('api_repositories_images_put', '/v1/repositories/{namespace}/{image}/images') config.add_route('api_repositories_images_layer_access', '/v1/repositories/{namespace}/{image}/layer/{id}/access') config.add_route('api_repositories', '/v1/repositories/{namespace}/{image}/') config.add_route('api_repositories_auth', '/v1/repositories/{namespace}/{image}/auth') config.add_route('api_ping', '/v1/_ping') config.add_route('api2_ping', '/v2/_ping') config.add_route('api2_token', '/v2/token/') config.add_route('api2_other', '/v2/*api') config.add_route('api_other', '/v1/*api') # GA4GH API config.add_route('ga4gh_tools', '/api/ga4gh/v1/tools') config.add_route('ga4gh_tools_id', '/api/ga4gh/v1/tools/{id}') config.add_route('ga4gh_tools_id_versions', '/api/ga4gh/v1/tools/{id}/versions') config.add_route('ga4gh_tools_id_version', '/api/ga4gh/v1/tools/{id}/versions/{versionid}') config.add_route( 'ga4gh_tools_id_version_descriptor', '/api/ga4gh/v1/tools/{id}/versions/{versionid}/{type}/descriptor') config.add_route( 'ga4gh_tools_id_version_descriptor_file_relative_path', '/api/ga4gh/v1/tools/{id}/versions/{versionid}/{type}/descriptor/{relativepath}' ) config.add_route( 'ga4gh_tools_id_version_dockerfile', '/api/ga4gh/v1/tools/{id}/versions/{versionid}/dockerfile') config.add_route('ga4gh_metadata', '/api/ga4gh/v1/metadata') config.add_route('ga4gh_tool_classes', '/api/ga4gh/v1/tool-classes') # Deprecated config.add_route('ga4gh_tools_query', '/api/ga4gh/v1/tools/query') config.add_route('ga4gh_tool_descriptor', '/api/ga4gh/v1/tools/{id}/descriptor') config.add_route('ga4gh_tool_dockerfile', '/api/ga4gh/v1/tools/{id}/dockerfile') config.scan() json_renderer = JSON() def pymongo_adapter(obj, request): return json_util.default(obj) json_renderer.add_adapter(ObjectId, pymongo_adapter) json_renderer.add_adapter(datetime.datetime, pymongo_adapter) config.add_renderer('json', json_renderer) return config.make_wsgi_app()